Loading...

Apply template

XML

Word

Printable

Details

Type: Work Item
Resolution: Done
Priority: Major
Fix Version/s: 1.1.27
Affects Version/s: None
Component/s: None
Labels:

Platform:
All
Epic Link:
Fix high CVE issues detected by Veracode/SourceClear
GreenHopper Ranking:
0|i1r1tf:
GreenHopper Ranking (Obsolete):
9223372036854775807
Project Size:
Small

Description

We need to update Apache Tomcat to 9.0.37 to pick up a fixes for high level CVEs:

https://nvd.nist.gov/vuln/detail/CVE-2020-9484
http://mail-archives.apache.org/mod_mbox/www-announce/202006.mbox/%3Cfd56bc1d-1219-605b-99c7-946bf7bd8ad4@apache.org%3E
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13935

This fix depends also on Meecrowave 1.2.10 (https://issues.apache.org/jira/browse/MEECROWAVE-251), and so is blocked until this is released.

Attachments

Activity

People

Assignee:: emmanuel gallois

Reporter:: Colm O Heigeartaigh

Fixed by:: emmanuel gallois

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 21/May/20 12:10 PM

Updated:: 19/Nov/20 9:07 AM

Resolved:: 18/Nov/20 10:33 AM